Beginner · front desk · practice manager · provider · vendor

Your HIPAA basics checklist

How to use medcomply.ai's plain-English checklist to see gaps before they become investigations.

TL;DR

Use the interactive checklist to track training, BAAs, workstations, and more. Progress saves in your browser so you can work through it over time.

Updated 2026-04-21

This short article pairs with our interactive HIPAA checklist, a practical way to see whether your basics are covered.

Why a checklist helps

Compliance is not one big project you finish once. It is a set of promises your practice makes to patients and regulators: we train people, we lock systems, we have BAAs, we respond when things break.

The checklist turns those promises into yes/no questions you can actually answer.

How to use it

  1. Open the full checklist.
  2. Choose your role filter if you want a shorter list.
  3. Check items off as you verify them; progress saves on this device.
  4. Use PDF export before a leadership meeting or share a link with your team.

What to do with gaps

Do not hide them. Prioritize essentials first: Notice of Privacy Practices, training, workstation locks, BAAs for vendors with PHI, and a named privacy official for covered entities.

Then schedule make-up tasks like risk assessments and policy updates.

Not legal advice. Educational overview only; consult qualified counsel for your situation.